Authentication as a Service

In partnership with Swivel Secure, the owners of PINsafe, a multifactor authentication solution inTHiNK has successfully delivered a solution to hosting PINsafe in the cloud opening the way to delivering bank grade authentication as a service at a price affordable to all.

inTHiNK has developed a fully standards based Security Token Service that sits in front of PINsafe allowing the service to engage in the exchange of SAML-based claims leveraging the core value of PINsafe’s guaranteed one-time code algorithm.

As shown in the diagram here, a trust relationship is created between a relying application, here it is an Azure hosted .NET web application, but it could exist anywhere, and the PINsafe Federation Service (the Security Token Service). On entering the application, the client is redirected to PINsafeFS where they are challenged to submit a valid username and pin  through this services relationship with PINsafe itself.The client submits a user name and one time pin code and on successful validation are redirected back to the relying application with a valid SAML ticket that can be used by the relying application.

To try it out, just visit http://pinsafe.cloudapp.net and see for yourself.

Once you hit this site you will be redirected to PINsafeFS and asked for a username and pin.

• Type in the user name test and tab to the password.
• A unique TURing string will now appear.
• Type in the characters that appear at position 1,2,3 and 4 of this string into the password field.
• Submit and you will be validated by PINsafe
• Once validated, a set of claims about the user will be wrapped in a SAML token and passed back to the relying application.
• Back on the relying application, this SAML token is unpacked and the claims are accessed which include the user name.

Simple!

PINsafeFS is now in beta and available to clients to work with. The next phase will see the delivery of a full featured self-service portal to allow relying applications to manage their identities and the claims they wish to store and use for their users.

PINsafeFS is full standards based and non-invasive using WS-* protocols and SAML tokens.

Now

Advertisement

inTHiNK! it’s official!

After 5 great years of fun at Microsoft UK it’s time for me to say so long as I move on to new things although I fully expect to remain part of the Microsoft ecosystem and still haunt the corridors of the UK Campus from time to time!

So what does a Microsoft Architect do after Microsoft? Well more architecture it seems from the business through to its people and the systems the use. There are actually three main strands to my post-Microsoft strategy that I’ll summarise below:

As you may know I’ve had a long history with IASA, especially here in the UK where I founded and have chaired the UK chapter for around 6 years now. During this time we’ve been developing a credible and sustainable education and certification program for IT architects and now, along with my colleagues at IASA, I want to bring this to Europe. We’re holding our next UK certification boards this November but the plans for IASA Europe are much bigger than just this.

inTHiNK! is the name of my new professional services practice www.inthink.co.uk. inTHiNK! will offer services from business & technology strategy, architecture practice and guidance through to cloud readiness and enablement. This will scale out through an extensive associate network of solid top-level IT professionals. Contact info@inthink.co.uk if you want to follow up.

As a brand new bizspark partner I will be seeking to exploit the value of the Azure platform delivering a new breed of SaaS enablers and business offerings to the market!

 

Here’s my new contact details if you wish to stay in touch

Matt Deacon
CEO, inTHiNK! Ltd
www.inthink.co.uk
mattdeacon.wordpress.com
www.twitter.com/mattdeacon